驅動程式 - Windows Driver Model (WDM) - 使用範例 - Assembly (MASM32) - Use Thread

參考資訊：
https://wasm.in/
http://four-f.narod.ru/
https://github.com/steward-fu/ddk
https://www.tutorialspoint.com/user-level-threads-and-kernel-level-threads
https://mropengate.blogspot.com/2015/01/operating-system-ch4-multithread.html

main.asm

.386p
.model flat, stdcall
option casemap:none
    
include c:\masm32\include\w2k\ntstatus.inc
include c:\masm32\include\w2k\ntddk.inc
include c:\masm32\include\w2k\ntoskrnl.inc
include c:\masm32\include\w2k\ntddkbd.inc
include c:\masm32\Macros\Strings.mac

includelib c:\masm32\lib\wxp\i386\ntoskrnl.lib
 
public DriverEntry
 
MyDeviceExtension struct
    bExit DWORD ?
    pThread PVOID ?
    pNextDev PDEVICE_OBJECT ?
MyDeviceExtension ends
 
IOCTL_START equ CTL_CODE(FILE_DEVICE_UNKNOWN, 800h, METHOD_BUFFERED, FILE_ANY_ACCESS)
IOCTL_STOP  equ CTL_CODE(FILE_DEVICE_UNKNOWN, 801h, METHOD_BUFFERED, FILE_ANY_ACCESS)
 
.const
MSG_START   byte "IOCTL_START",0 
MSG_STOP    byte "IOCTL_STOP",0
 
.code
MyThread proc pParam : DWORD
    local pStr : DWORD
    local pDevExt : DWORD
    local stTime : LARGE_INTEGER
     
    or stTime.HighPart, -1
    mov stTime.LowPart, -10000000
 
    invoke IoGetCurrentProcess
    add eax, 174h
    mov pStr, eax
    invoke DbgPrint, $CTA0("Current process: %s"), pStr
 
    mov eax, pParam
    mov eax, (DEVICE_OBJECT ptr [eax]).DeviceExtension
    push eax
    pop pDevExt
    mov eax, (MyDeviceExtension ptr [eax]).bExit
    .while(eax != TRUE)
        invoke KeDelayExecutionThread, KernelMode, FALSE, addr stTime
        invoke DbgPrint, $CTA0("Sleep 1s")
        mov eax, pDevExt
        mov eax, (MyDeviceExtension ptr [eax]).bExit
    .endw
    invoke DbgPrint, $CTA0("Exit MyThread")
    invoke PsTerminateSystemThread, STATUS_SUCCESS
    ret
MyThread endp
 
IrpOpenClose proc pMyDevice : PDEVICE_OBJECT, pIrp : PIRP
    IoGetCurrentIrpStackLocation pIrp
    movzx eax, (IO_STACK_LOCATION ptr [eax]).MajorFunction

    .if eax == IRP_MJ_CREATE
        invoke DbgPrint, $CTA0("IRP_MJ_CREATE")
    .elseif eax == IRP_MJ_CLOSE
        invoke DbgPrint, $CTA0("IRP_MJ_CLOSE")
    .endif
 
    mov eax, pIrp
    and (_IRP ptr [eax]).IoStatus.Information, 0
    mov (_IRP ptr [eax]).IoStatus.Status, STATUS_SUCCESS
    fastcall IofCompleteRequest, pIrp, IO_NO_INCREMENT
    mov eax, STATUS_SUCCESS
    ret
IrpOpenClose endp
 
IrpIOCTL proc uses ebx pMyDevice : PDEVICE_OBJECT, pIrp : PIRP
    local pBuf : DWORD
    local dwLen : DWORD
    local pDevExt : ptr
    local hThread : DWORD
    local pThread : PVOID
 
    and dwLen, 0
    mov eax, pMyDevice
    push (DEVICE_OBJECT ptr [eax]).DeviceExtension
    pop pDevExt
 
    IoGetCurrentIrpStackLocation pIrp
    mov eax, (IO_STACK_LOCATION ptr [eax]).Parameters.DeviceIoControl.IoControlCode
    .if eax == IOCTL_START
        invoke DbgPrint, offset MSG_START
 
        mov ebx, pDevExt
        and (MyDeviceExtension ptr [ebx]).bExit, 0
 
        ; User Thread
        invoke PsCreateSystemThread, addr hThread, THREAD_ALL_ACCESS, NULL, -1, NULL, offset MyThread, pMyDevice
         
        ; System Thread
        ;invoke PsCreateSystemThread, addr hThread, THREAD_ALL_ACCESS, NULL, NULL, NULL, offset MyThread, pMyDevice
         
        .if eax == STATUS_SUCCESS
            mov ebx, pDevExt
            invoke ObReferenceObjectByHandle, hThread, THREAD_ALL_ACCESS, NULL, KernelMode, addr (MyDeviceExtension ptr [ebx]).pThread, NULL
            invoke ZwClose, hThread
        .endif
 
    .elseif eax == IOCTL_STOP
        invoke DbgPrint, offset MSG_STOP
        mov ebx, pDevExt
        mov (MyDeviceExtension ptr [ebx]).bExit, TRUE
        push (MyDeviceExtension ptr [ebx]).pThread
        pop pThread
        mov eax, pThread
        .if eax != NULL
            invoke KeWaitForSingleObject, pThread, Executive, KernelMode, FALSE, NULL
            invoke ObDereferenceObject, pThread
        .endif
    .endif
 
    mov eax, pIrp
    mov (_IRP ptr [eax]).IoStatus.Status, STATUS_SUCCESS
    push dwLen
    pop (_IRP ptr [eax]).IoStatus.Information 
    fastcall IofCompleteRequest, pIrp, IO_NO_INCREMENT
    mov eax, STATUS_SUCCESS
    ret
IrpIOCTL endp
 
IrpPnp proc pMyDevice : PDEVICE_OBJECT, pIrp : PIRP
    local pDevExt : ptr
    local szSymName : UNICODE_STRING
 
    mov eax, pMyDevice
    push (DEVICE_OBJECT ptr [eax]).DeviceExtension
    pop pDevExt
        
    IoGetCurrentIrpStackLocation pIrp
    movzx eax, (IO_STACK_LOCATION ptr [eax]).MinorFunction
    .if eax == IRP_MN_START_DEVICE
        mov eax, pIrp
        mov (_IRP ptr [eax]).IoStatus.Status, STATUS_SUCCESS
    .elseif eax == IRP_MN_REMOVE_DEVICE
        invoke RtlInitUnicodeString, addr szSymName, $CTW0("\\DosDevices\\MyDriver")
        invoke IoDeleteSymbolicLink, addr szSymName         
        mov eax, pIrp
        mov (_IRP ptr [eax]).IoStatus.Status, STATUS_SUCCESS
 
        mov eax, pDevExt
        invoke IoDetachDevice, (MyDeviceExtension ptr [eax]).pNextDev
        invoke IoDeleteDevice, pMyDevice
        fastcall IofCompleteRequest, pIrp, IO_NO_INCREMENT
        ret
    .endif
    IoSkipCurrentIrpStackLocation pIrp
 
    mov eax, pDevExt
    invoke IoCallDriver, (MyDeviceExtension ptr [eax]).pNextDev, pIrp
    ret
IrpPnp endp
 
AddDevice proc pMyDriver : PDRIVER_OBJECT, pPhyDevice : PDEVICE_OBJECT
    local pMyDevice : PDEVICE_OBJECT
    local szDevName : UNICODE_STRING
    local szSymName : UNICODE_STRING
 
    invoke RtlInitUnicodeString, addr szDevName, $CTW0("\\Device\\MyDriver")
    invoke RtlInitUnicodeString, addr szSymName, $CTW0("\\DosDevices\\MyDriver")
    invoke IoCreateDevice, pMyDriver, sizeof MyDeviceExtension, addr szDevName, FILE_DEVICE_UNKNOWN, 0, FALSE, addr pMyDevice
    .if eax == STATUS_SUCCESS
        invoke IoAttachDeviceToDeviceStack, pMyDevice, pPhyDevice
        .if eax != NULL
            push eax
            mov eax, pMyDevice
            mov eax, (DEVICE_OBJECT ptr [eax]).DeviceExtension
            pop (MyDeviceExtension ptr [eax]).pNextDev
 
            mov eax, pMyDevice
            or (DEVICE_OBJECT ptr [eax]).Flags, DO_BUFFERED_IO
            and (DEVICE_OBJECT ptr [eax]).Flags, not DO_DEVICE_INITIALIZING
            invoke IoCreateSymbolicLink, addr szSymName, addr szDevName
        .endif
    .endif
    ret
AddDevice endp
 
Unload proc pMyDriver : PDRIVER_OBJECT
    ret
Unload endp
 
DriverEntry proc pMyDriver : PDRIVER_OBJECT, pMyRegistry : PUNICODE_STRING
    mov eax, pMyDriver
    mov (DRIVER_OBJECT ptr [eax]).MajorFunction[IRP_MJ_PNP            * (sizeof PVOID)], offset IrpPnp
    mov (DRIVER_OBJECT ptr [eax]).MajorFunction[IRP_MJ_CREATE         * (sizeof PVOID)], offset IrpOpenClose
    mov (DRIVER_OBJECT ptr [eax]).MajorFunction[IRP_MJ_CLOSE          * (sizeof PVOID)], offset IrpOpenClose
    mov (DRIVER_OBJECT ptr [eax]).MajorFunction[IRP_MJ_DEVICE_CONTROL * (sizeof PVOID)], offset IrpIOCTL
    mov (DRIVER_OBJECT ptr [eax]).DriverUnload, offset Unload
    mov eax, (DRIVER_OBJECT ptr [eax]).DriverExtension
    mov (DRIVER_EXTENSION ptr [eax]).AddDevice, AddDevice
    mov eax, STATUS_SUCCESS
    ret
DriverEntry endp
end

app.asm

.386p
.model flat, stdcall
option casemap:none
    
include c:\masm32\include\windows.inc
include c:\masm32\include\masm32.inc
include c:\masm32\include\user32.inc
include c:\masm32\include\msvcrt.inc
include c:\masm32\include\kernel32.inc
include c:\masm32\include\w2k\ntddkbd.inc
include c:\masm32\Macros\Strings.mac
     
includelib c:\masm32\lib\user32.lib
includelib c:\masm32\lib\masm32.lib
includelib c:\masm32\lib\msvcrt.lib
includelib c:\masm32\lib\kernel32.lib
    
IOCTL_START equ CTL_CODE(FILE_DEVICE_UNKNOWN, 800h, METHOD_BUFFERED, FILE_ANY_ACCESS)
IOCTL_STOP  equ CTL_CODE(FILE_DEVICE_UNKNOWN, 801h, METHOD_BUFFERED, FILE_ANY_ACCESS)

.data?
hFile dd ?
dwRet dd ?
    
.code
start:
    invoke CreateFile, $CTA0("\\\\.\\MyDriver"), GENERIC_READ or GENERIC_WRITE, FILE_SHARE_READ, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0
    mov hFile, eax
    invoke DeviceIoControl, hFile, IOCTL_START, NULL, 0, NULL, 0, offset dwRet, NULL
    invoke Sleep, 3000
    invoke DeviceIoControl, hFile, IOCTL_STOP, NULL, 0, NULL, 0, offset dwRet, NULL
    invoke CloseHandle, hFile
    invoke ExitProcess, 0
 
end start
end

完成